Air Force CTO Explains Common Attacks Against Gov and How to Prepare

With over 75,000 reported federal cybersecurity incidents in 2015, it’s no surprise that there are multiple ways in which systems can be vulnerable to attacks.

At a recent GovLoop event focused on government cybersecurity, Frank Konieczny, Chief Technology Officer for the Air Force, spoke about the number of attack surfaces hackers have the potential to break through, as well as the main drivers behind those attacks.

In order to better understand the potential threats to an agency, it is important to acknowledge the different reasons an attack might be happening. According to Konieczny, there are three main objectives behind most malicious operations: data-related attacks, mission-operations-related attacks, and operations-related attacks carried out through data. Each of these objectives produces a different outcome, whether that be blackmail, a disruption of communications, causing anxiety, or blocking access to data for ransom.

The plethora of ways in which attackers are able to infiltrate agencies’ systems is quite astonishing. A common method that hackers use is spear phishing. That’s why it is important to always be aware of senders and URLs in any email you receive. For example, if you receive an email from an unknown sender with a link asking you to sign up for a contest, look closely at that URL and even manually type it into a new browser window to make sure there’s nothing fishy with the link.

Social engineering, another infiltration tool Konieczny mentioned, has in recent history proven to be “the most effective way of getting to know what was going on in your office.” From scouring social media sites and collecting information, to calling an office to casually check in on someone’s whereabouts, social engineering is a highly inconspicuous way to gather information for an attack.

That’s not all. When employees click on links and download apps that have not been properly vetted, they create another inroad for hackers to gain access. However, that isn’t the only way in which staff members put their agencies at risk. Connecting to an unsecured wireless network or Bluetooth device can also give cybercriminals unfettered access to your device. Performing sensitive work in a public place is another dangerous mistake employees can make. This may seem like a no-brainer, but it can still be a gray area, which is why agencies should focus on making employee security training more practical and current.

In fact, some agencies send fake phishing emails to employees to keep them on their toes and aware of how easy it is to get attacked. This new take on training has been highly successful in keeping employees aware of what they’re doing and how to stay on top of their security. This spin on traditional training also makes employees more aware of everyday actions that may play a greater role in allowing bad actors into their servers, such as using non-sanctioned computers for sensitive work, or accessing their personal email on work computers.

Once hackers are able to establish a foothold, using any number of the techniques mentioned above, they are free to move around the network and exploit security weaknesses. This then makes way for hackers to install ransomware, which has already caused over $200 million in losses in 2016, as well as other malware. These, along with mobile phone attacks and WiFi attacks, are making risk management for cybersecurity that much more important.

Risk management, along with risk understanding, is what Konieczny has been driving across the Air Force. Being able to “look at it from a risk viewpoint” allows users to realize that “the bad guys are going to be there,” and to take a more defensive approach to protecting their systems. Along with those techniques, Konieczny also mentioned that as cybersecurity capabilities mature, we are becoming more adept at using predictive defense to respond proactively to threats.

In order to move forward with a heightened sense of cybersecurity, Konieczny says it is important to understand what you must do “to keep going” and what you absolutely need to defend to maintain a secure cyber environment.